


   What's this?
   -----------------------------------------------------------------------------

   Jonama is a piece of software acting as a relay between a client over the
   Net and your internal systems.

   It was developed with security in mind:

      * Use of the SSL protocol to identify remote peers and encrypt channels.
      * Use of Unix mechanisms like chroot and setuid to minimize rights and
        actions.

   Why?
   -----------------------------------------------------------------------------

   I was looking for an SSL relay, but none of the implementations (sslwrap,
   stunnel, bjorb) supported CA mode and load balancing when I decided to
   start the project (Feb/March 1999).

   Now (June 1999) stunnel supports full certificate verification ;-)

   Since I work on RPM for mod_ssl, I decided to grab parts of this software to
   start my very own SSL relay.



   Features
   -----------------------------------------------------------------------------

   As of version 1.0, Jonama's features are:

      * Stand-alone server (no use of inetd wrapper).
      * SSL v2/v3/TLS 1 via SSLeay.
      * Proxying of multiple services (e.g. telnet, imap, pop).
      * CA mode to reject clients without valid certificates (SSLeay
        CA.sh).
      * Services can use multiple remote servers, with automatic backup or
        load balancing (connection/traffic).
      * Free software.

   Needed software/hardware
   -----------------------------------------------------------------------------

   All you need is a Unix box and free software.

      * A free Unix, like Linux or FreeBSD.
      * SSL libraries (SSLeay or OpenSSL).

   Todo
   -----------------------------------------------------------------------------

   This is very alpha software; we also need to:

      * Test, test and re-test to validate all security aspects.
      * Port to other Unixes (I'm looking for a nice autoconf file).
      * Implement SSL on both entry (client-side) and exit (server-side).
      * Add other validity/redirection rules based on the client certificate.
      * Correct my very bad English (Sorry, I'm French ;-| )
      * A decent manual (Ouch).

   Credits
   -----------------------------------------------------------------------------

   I would like to thank:

      * Ralf S. Engelschall for the mod_ssl extension to the Apache HTTP
        Server. Its code is both useful and pedagogic, and Jonama grabs many
        parts of the mod_ssl code.
      * Eric Young and Tim Hudson for SSLeay, a powerful and free SSL
        implementation library.
